Inside the Briefcase
Cloud Providers Must Learn to Keep Secrets
May 19, 2011 No CommentsJust when you think it is safe to put your embarrassing college photos in the cloud, we learn that some cloud providers have the ability to look at your files: “Dropbox now asserts that it can decrypt and pass your data on to a third party if Dropfox feels it needs to do so, in order to protect its property rights.”
In other words, if somebody shows up with a legal reason to grab your data, Dropbox will gladly decrypt your data and hand it over. Moreover, it can see your data if it wants to do so — nice.
[ Get the no-nonsense explanations and advice you need to take real advantage of cloud computing in InfoWorld editors’ 21-page Cloud Computing Deep Dive PDF special report. | Stay up on the cloud with InfoWorld’s Cloud Computing Report newsletter. ]
The myth thus far is that cloud data storage security meant only you had the magical encryption key to see your stored data. Those files were safe, as secure as local storage, considering that local storage could fall into the wrong hands.
With this shocking revelation from Dropbox, we learned that the notion of security is only as good as your trust in your cloud computing provider. Worse, it seems there’s a difference between the posted privacy policy and what can really happen. I suspect other clouds have the same issue.
What’s good about this fiasco is that other providers will update their privacy policies with the fact that your stuff is less than private and they may be willing to sell you out when pressured. Moreover, there will be a disclosure that they have the ability to see your files, and even if they have a policy against viewing data, I imagine that looking at your vacation videos are a good way to pass the time for cloud providers’ third-shift guys. You’ll never know.
The cloud providers need to learn from this event. If they can’t be trusted, enterprises won’t use them. After all, if you can’t keep secrets, nobody will share them with you.
